Excessive Execution of Sequential Searches of Data Resource

Incomplete Base
Structure: Simple
Description

This weakness occurs when a database query is structured in a way that forces the system to scan entire tables row-by-row, instead of using an available index for efficient lookups.

Extended Description

When a query cannot use an index, the database engine must perform a full sequential scan, checking every single row in a table or view to find matching results. This is like searching through every page of an unsorted book instead of using the index. For large datasets, this process consumes significant server resources (CPU, memory, and I/O) and causes severe performance degradation, leading to slow response times and timeouts. While this is primarily a performance issue, it can become a security vulnerability if an attacker can trigger or influence these inefficient queries. By repeatedly executing such searches, an attacker could exhaust system resources, leading to a denial-of-service (DoS) condition that impacts application availability for all users.
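The check described above, as an added example that is not part of the original entry: it asks SQLite (through Python's `sqlite3` module) for each query's plan and refuses to run any statement that would scan a table sequentially. The `orders` table, the index name, the helper names and the three queries are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample schema: an orders table with an index on customer_id."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, note TEXT);
        CREATE INDEX idx_orders_customer ON orders(customer_id);
    """)
    conn.executemany(
        "INSERT INTO orders (customer_id, note) VALUES (?, ?)",
        [(i % 500, f"note {i}") for i in range(5000)],
    )
    return conn

def full_scan_steps(conn, sql, params=()):
    """Return the plan steps in which SQLite visits every row of a table or index."""
    rows = conn.execute("EXPLAIN QUERY PLAN " + sql, params).fetchall()
    # Each row is (id, parent, unused, detail); detail begins with SCAN for a
    # sequential pass and with SEARCH for an index or rowid lookup.
    return [detail for _, _, _, detail in rows if detail.startswith("SCAN")]

def run_guarded(conn, sql, params=()):
    """Execute sql only if its plan contains no sequential scan."""
    steps = full_scan_steps(conn, sql, params)
    if steps:
        raise RuntimeError(f"refusing sequential scan: {steps}")
    return conn.execute(sql, params).fetchall()

# Constructed queries: the first can use the index, the other two cannot.
INDEXED = "SELECT * FROM orders WHERE customer_id = ?"
EXPR_ON_COLUMN = "SELECT * FROM orders WHERE customer_id + 0 = ?"  # expression hides the column
LEADING_WILDCARD = "SELECT * FROM orders WHERE note LIKE ?"        # no index on note

if __name__ == "__main__":
    db = make_db()
    for name, sql, arg in [("indexed", INDEXED, 42),
                           ("expression", EXPR_ON_COLUMN, 42),
                           ("wildcard", LEADING_WILDCARD, "%42%")]:
        print(name, full_scan_steps(db, sql, (arg,)) or "index lookup")
```

The same plan check can run in a test suite or code review gate over every query an application exposes to user-controlled input, so that scan-forcing statements are caught before they reach production data volumes.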

Common Consequences
Scope: Other

Impact: Reduce Performance

References
Automated Source Code Performance Efficiency Measure (ASCPEM)
Object Management Group (OMG)
01-2016
ID: REF-959
Related Weaknesses
Taxonomy Mapping
  • OMG ASCPEM